Fixed bug: When username is not in lowercase, It threw a NPE.

Author: dperezcabrera

core/src/main/java/org/springframework/security/provisioning/InMemoryUserDetailsManager.java

@@ -143,7 +143,7 @@ public void changePassword(String oldPassword, String newPassword) {
 	@Override
 	public UserDetails updatePassword(UserDetails user, String newPassword) {
 		String username = user.getUsername();
-		MutableUserDetails mutableUser = this.users.get(username);
+		MutableUserDetails mutableUser = this.users.get(username.toLowerCase());
 		mutableUser.setPassword(newPassword);
 		return mutableUser;
 	}

core/src/test/java/org/springframework/security/provisioning/InMemoryUserDetailsManagerTests.java

@@ -18,6 +18,7 @@
 
 import org.junit.Test;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import static org.assertj.core.api.Assertions.*;
@@ -37,4 +38,15 @@ public void changePassword() {
 		this.manager.updatePassword(this.user, newPassword);
 		assertThat(this.manager.loadUserByUsername(this.user.getUsername()).getPassword()).isEqualTo(newPassword);
 	}
+
+	@Test
+	public void changePasswordWhenUsernameIsNotInLowercase() {
+		UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user())
+				.username("User")
+				.build();
+
+		String newPassword = "newPassword";
+		this.manager.updatePassword(userNotLowerCase, newPassword);
+		assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()).isEqualTo(newPassword);
+	}
 }